Available Reports

The following are the reports currently available with SBOM Management. For additional details about each report, see Report Examples.

SBOM Report in CycloneDX Format—An SBOM report in the CycloneDX v1.4 format (.xml) for the selected bucket. This report format is generated in three versions:
The Regular CycloneDX Version provides details for each SBOM part in the bucket.
The CycloneDX VDR Version (Vulnerability Disclosure Report) provides details about all security vulnerabilities associated with SBOM parts in a bucket.
The CycloneDX VEX Version (Vulnerability Exploitability eXchange) shows information only about vulnerability exclusions—that is, those security vulnerabilities that are associated with SBOM parts in the bucket but that do not pose a security threat to your application or other entity.
SBOM Report in SPDX Format—An SBOM report in the SPDX v2.2 tag/value format (.spdx) for the selected bucket.
SBOM Report in Excel and HTML Formats—A human-readable SBOM report listing the component name, associated licenses, and package URL for each SBOM part in the selected bucket. The report is generated in two formats—.html and .xlsx.
Third-Party Notices Report—A third-party notices report (in .html format) containing the attributions and license text for each SBOM part in the selected bucket.
Vulnerability Report—A security report (in .html format) providing details for all security vulnerabilities currently associated with SBOM parts in the selected bucket.